ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 4 discussion

Actual exam question from Microsoft's MS-500
Question #: 4
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Source Anchor settings.
Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CWT at Nov. 25, 2019, 9:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
O365_dude
Highly Voted 5 years, 3 months ago
Protect against leaked credentials and add resilience against outages If your organization uses a hybrid identity solution with pass-through authentication or federation, then you should enable password hash sync for the following two reasons: The Users with leaked credentials report in the Azure AD management warns you of username and password pairs, which have been exposed on the "dark web." An incredible volume of passwords is leaked via phishing, malware, and password reuse on third-party sites that are later breached. Microsoft finds many of these leaked credentials and will tell you, in this report, if they match credentials in your organization – but only if you enable password hash sync!
upvoted 22 times
jaber1986
3 years, 8 months ago
so, the answer ist correct. B.
upvoted 1 times
...
...
CWT
Highly Voted 5 years, 5 months ago
Specific details on PHS and ADFS: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Configuring-AD-FS-for-user-sign-in-with-Azure-AD-Connect
upvoted 6 times
...
NarenKA
Most Recent 2 years, 8 months ago
B is correct answer.
upvoted 1 times
...
Eltooth
2 years, 9 months ago
Selected Answer: B
B is correct answer.
upvoted 1 times
...
arska
3 years, 1 month ago
Selected Answer: B
No. Source Anchor has nothing to do with leaked credential detection.
upvoted 1 times
...
mkoprivnj
3 years, 5 months ago
Selected Answer: B
Leaked credentials detection in Azure AD Identity Protection requires Password Hash Sync enabled in Azure AD Connect
upvoted 1 times
...
lime568
3 years, 9 months ago
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks Only new leaked credentials found after you enable password hash synchronization (PHS) will be processed against your tenant.
upvoted 2 times
...
kiketxu
4 years, 2 months ago
Now YES, B for sure
upvoted 1 times
kiketxu
4 years, 1 month ago
I was meaning the anwer is NO
upvoted 1 times
...
...
doublekill
4 years, 2 months ago
The answer is YES, is correct.
upvoted 1 times
Joshycannon
3 years, 5 months ago
I know this comment is 8 months old but for anyone seeing this and being confused by all the random responses: The Source Anchor Attribute is considered an Immutable ID, meaning, once set and the identifier has been synced, it cannot be modified Just google Source Anchor and its literally the first result that tells you this. This has nothing to do with a password.
upvoted 2 times
...
...
shanti0091
4 years, 3 months ago
The answer is correct, A
upvoted 1 times
...
rkapoor8855
4 years, 3 months ago
The answer is YES
upvoted 1 times
...
svm_Terran
4 years, 4 months ago
modify the Password Hash Synchronization settings is true.
upvoted 4 times
...
SMHH
4 years, 10 months ago
https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#protect-against-leaked-credentials-and-add-resilience-against-outages
upvoted 1 times
...
m2L
5 years, 3 months ago
https://www.microsoft.com/security/blog/2019/05/30/demystifying-password-hash-sync/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago